Internal Audit Manager, Privacy Risk Management jobs in United States
cer-icon
Apply on Employer Site
company-logo

McKesson · 2 days ago

Internal Audit Manager, Privacy Risk Management

positionIrving, TX
timeFull-time
remoteOnsite
seniorityMid, Senior Level
money$101K/yr - $168K/yr
date7+ years exp

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. The Audit Manager, Privacy Risk Management, leads regulatory and compliance audits and special projects, focusing on enterprise-wide privacy risk management and collaborating closely with various departments to identify and mitigate privacy risks.

BiopharmaBiotechnologyHealth CareInformation TechnologyPharmaceutical
check
H1B Sponsor Likelynote

Responsibilities

Lead the development and execution of audits for privacy risk management, a Tier 1 McKesson enterprise risk
Champion the integration of Privacy by Design principles into audit planning, execution, and reporting
Actively participate in business unit risk assessments and stakeholder meetings to identify emerging regulatory and compliance exposures, and contribute to internal audit’s risk assessment and audit planning processes
Audit Privacy Impact Assessments across business units and third-party relationships
Collaborate with stakeholders to identify, test, and remediate privacy risks before they materialize
Audit vendor compliance with privacy and security requirements, including contractual obligations, operational practices, and incident response capabilities
Ensure robust third-party risk management frameworks are in place and regularly reviewed against compliance requirements
Monitor evolving privacy regulations—including HIPAA, GDPR, CCPA, and other global, federal, and state laws—for application within the business and audit function
Ensure audit programs (RACMs) and the regulatory and compliance risk universe are continuously updated to reflect emerging privacy obligations and other compliance requirements
Collaborate with audit leadership, IT Security, Legal, Privacy, and Compliance teams to support integrated risk management under a combined assurance model
Communicate regulatory and compliance risk findings, recommendations, and best practices to key stakeholders and executives
Mentor internal audit staff on privacy risk management and provide updates on emerging privacy and regulatory trends
Manage regulatory and compliance-scoped audits in engagement planning, execution, reporting, and issue monitoring
Stay abreast of risk areas subject to FDA, DEA, State Boards of Pharmacy, CMS, OIG, OCR and DOJ requirements pertinent to McKesson business units
Review and approve final work papers to ensure adherence to department audit Quality Assessment Review standards

Qualification

Data privacy regulationsPrivacy by DesignPrivacy Impact AssessmentsThird-party privacy complianceDigital privacy assessment toolsHealthcare lawsRegulationsStaff managementCommunication skillsCritical thinkingTime managementProject managementNegotiation skills

Required

Degree or equivalent and typically requires 7+ years of relevant experience in regulatory and compliance experience, with 5+ years of demonstrated expertise in privacy risk management, preferably in healthcare, law, or Fortune 100 environments
Advanced knowledge of data privacy regulations (HIPAA, GDPR, CCPA, etc.), Privacy by Design, and Privacy Impact Assessments
Experience auditing third-party/vendor privacy compliance and monitoring regulatory changes
Specific knowledge of healthcare laws and regulations
Proficiency with digital privacy assessment tools (e.g., OneTrust) and use of artificial intelligence to gain efficiencies
Excellent written and verbal communication, negotiation, and collaboration skills
Excellent critical thinking and time management skills are a must
Strong project and staff management capabilities
One of the following: Certified in Healthcare Compliance (CHC), Certified Compliance and Ethics Professional (CCEP) required

Preferred

Prior knowledge of Canadian, and U.S. state privacy laws highly desirable
Experience developing privacy training and communications for staff and vendors preferred
Advanced degree as Juris Doctor, preferred
Certified in Healthcare Privacy Compliance (CHPC), or Certified Information Privacy Professional (CIPP), Certified Internal Auditor (CIA), or CPA, is highly desired

Company

McKesson

twittertwittertwitter
Glassdoor3.7
company-logo
McKesson distributes medical supplies, information technology, and care management products and services.
dateFounded in 1833
location
Irving, Texas, USA
people-size10001+ employees
web-link
http://www.mckesson.com

H1B Sponsorship

McKesson has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (149)
2024 (129)
2023 (82)
2022 (142)
2021 (144)
2020 (154)

Funding

Current Stage
Public Company
Total Funding
unknown
1994-11-18IPO

Leadership Team

leader-logo
Brian Tyler
CEO
linkedin
leader-logo
Jim McAuliffe
CFO
linkedin

Recent News

Benzinga.com
Lockheed Martin, QXO And A Health Care Stock On CNBC's 'Final Trades'
2026-01-06
MedCity News
Trends in Health IT – What Should Organizations Prioritize in 2026?
2026-01-03
Seattle TechFlash
Fortune 50 company sells shuttered Rock Hill facility for $26.5M
2025-12-22
Company data provided by crunchbase